R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
23
Item Descri
p
tion
Enable the NAT traversal
function
Enable the NAT traversal function for IPsec/IKE.
In main mode, IKE does not support NAT traversal and therefore this item is
unavailable.
IMPORTANT:
To save IP addresses, ISPs often deploy NAT gateways on public networks to
allocate private IP addresses to users. In this case, one end of an IPsec/IKE tunnel
may have a public address while the other end may have a private address, and
therefore NAT traversal must be configured at the private network side to set up
the tunnel.
Return to IKE configuration task list.
Viewing IKE SAs
Select VPN > IKE > IKE SA from the navigation tree to display brief information about established
ISAKMP SAs, as shown in Figure 21.
You can click Delete All to remove all ISAKMP SAs. When you clear
a local IPsec SA, if the corresponding ISAKMP SA is still present, the local end will send a Delete
Message to the remote end across the ISAKMP SA, notifying the remote end to delete the corresponding
IPsec SA. If the corresponding ISAKMP SA is no longer present, the local end cannot notify the remote
end to clear the corresponding IPsec SA.
Figure 21 IKE SA list
Table 8 IKE SA information fields
Field Descri
p
tion
Connection ID Identifier of the tunnel.
Remote IP Address
Remote IP address of the SA.